This invention relates generally to methods and systems for replacing shared secrets over networks, and more particularly, to methods and systems for securely replacing shared secrets stored in computer systems over networks after discovering that a security breach might have occurred or has occurred.
Users are known to access confidential data, such as bank account details, and confidential web sites such as virtual private networks over communications networks such as the Internet. However, individuals have been known to surreptitiously obtain information such as passwords and usernames by phishing over the networks, and to use the obtained information to conduct fraudulent transactions. Such fraudulent transactions have been known to compromise the security of confidential data.
One known method for increasing the security of confidential data and web sites against fraudulent transactions uses a device that implements dual factor authentication based on a moving factor and a shared secret. In such an implementation, the moving factor may be time or may be an event. The device may be a hardware dongle or a software application operable on computer devices such as, but not limited to, personal computers, tablet computers, laptop computers, and smart phones. Each device generates one-time passwords based on the shared secret and the time of generation, and is operable to display the generated one-time password for the authorized user to see. In order to gain access to a confidential web site, or to confidential data included in a web site, authorized users have been known to enter the generated one-time password in the web site at the time of attempted access. A computer system supporting the confidential web site authenticates the entered one-time password and grants the user access when the password is authenticated. However, when the one-time password is not authenticated, the user is not granted access.
The shared secret included in the device is typically difficult to change once included in the device. As such, it may be time consuming and expensive to change a shared secret after it is included in a device. Thus, when a shared secret becomes known to unauthorized users as the result of a security breach, the device including the breached shared secret may be rendered useless. Additionally, should an authorized user be coerced into entering the one-time password in the confidential web site for requesting access, mechanisms may not be available for notifying the web site operator that the requested access is effectively unauthorized and may result in unauthorized confidential data retrieval.